Jump to content

i cant believe how hard it is to sign up here (paraniod or what?)


Recommended Posts

first off let me say that my "simple" sign up took 45 minutes to pass your paranoid impossible to see images in outdated  captcha images, then not telling if my million character long password which will never be used again or my ID which was already used but not shown to me until after 20 pages of unintelligible images using an outdated robot detection system which has the dumbest question ever "what planet is BEFORE the earth?" what does BEFORE THE EARTH MEAN? then have me repeat the process no less than 20 times. But i had to so i could post what i have found out about Malwarebytes purposely sending me to webpages that they generate saying my computer has a virus and microsoft BLAH BLAH BLAH! Funny thing is as soon as the trial period ended and i deactivated this useless virus machine they provide so nicely for free, so di all the page redirects and the pop ups and the viruses. things also noted why didnt it ever block any of this from happening?

 

Ran a different detector SPYWAREBLASTER and it found 3 viruses that this one never detected in 5 passes. but it wasnt until i deactivated this virus generator that the fake web pages quit popping up and all the constant redirects stopped as well! thanks for nothing, ill remember what you did and on top of it the 45 minutes i wasted just to alert others about your shenanigans. quit trying to fake scare users into signing up for extra problems i mean protection. Antivirus programs are like LIFELOCK simply useless, just there to bring a false sense of security when there is very little threat to begin with. there are much better AV programs that are 100% free and do a top notch job of sorting out all computer problems. With the rapid decline of home PCs and the inevitable end of the home PC as we know it these programs become less and less affective because who do you think makes the viruses in the first place? some guy who you never met sitting around wasting time trying to send a virus to random computers for what reason? whats the big gain for him? nothing but it sure helps antivirus programs sell when they exist. so you do math. kick your home pc to the curb they are dinosaurs and you can do much more simply by using a tablet or phone. get rid of expensive cox cable snakes in the grass providers who ask you to go paperless just so they can hike your bill knowing you are less likely to see the increase if its not printed on paper for you to see before its automatically deducted from your bank account. it'll take 2 months before you notice it, and they jack it up around $40 more. i caught them right away and ditched them after 20 years of service and im much better off using a prepaid phone to get on line as i am now. never worryu about a single virus and my bill is always $55 a month no matter how much  i use it. 120GB a month and never a problem.

 

remove this useless AV program and never try it again, instantly no more redirects no more microsoft virus warnings, etc.....

 

i dont even care to hear back from this rant im just putting it out there and doubt the page will ever be posted anyway!

Link to post
Share on other sites

Greetings,

I'm sorry for the experience with the captcha etc., it is rather stringent, unfortunately implementing these measures became necessary after many months (more than a year, really) of near constant spambot floods on the forums, and since implementing these measures the amount of spam on the forums is nearly 0 (we get one or two stray spammers every once in a while, maybe around 2 or 3 a month these days where before it would literally be a constant onslaught daily of tons of spam accounts/posts).  That said, I will inform the team of your comments regarding the signup process and hopefully they can make changes to make it easier without compromising its effectiveness against the spambots.

With regards to the redirects, I'm not sure what that's about but it sounds like a tech support scam.  Malwarebytes definitely doesn't create/participate in any such activities and while they do try their best to block them via the Web Protection component, new ones pop up all the time making it difficult to stay on top of them at all times.  In fact, because of this Malwarebytes has actually created a new browser extension which is currently in beta (and also free at the moment for anyone who wants to try it) for both Chrome and Firefox that uses behavior based detection to block tech support scam sites and other malicious webpages rather than just using the block list method implemented in Malwarebytes Premium.

As for the other scanner, I'm not sure what you scanned with, but it couldn't have been Spywareblaster as that's a free tool designed to block/blacklist malicious ActiveX controls and add known malicious sites to the restricted sites lists in IE and other browsers; it has no scan/detection engine or threat signatures (I know because I use it on my own systems and have for many years).  I suspect that whatever other scanner you used, it removed a malicious browser plugin which was the actual cause of the redirects to the tech support scam site you were seeing because the only redirect that Malwarebytes uses looks like this.

Now, as for the reason that people create malware, the fact of the matter is it's a multi-billion dollar a year industry.  Whether through extortion scams such as ransomware, phishing, tech support scams (like the website redirects you encountered in your browser), PUPs (Potentially Unwanted Programs) such as adware and other undesirable software that the bad guys will use Trojans and other malware to install on systems to get paid because the vendors of those programs pay them based on each successful installation/click etc., browser hijackers that provide revenue from clicks in search results as well as advertisements (Google AdSense and similar ad payment programs), as well as more specialized threats such as credential stealing malware that seeks Steam logins, PayPal and other financial services credentials, and also APTs and other threats that target businesses and government targets seeking data.  What it boils down to is money, but not for the AV vendors because believe it or not, the bad guys are far better financed than any of the AV makers as they are financed by organized crime and some are even financed by hostile governments that seek to attack infrastructural, government and industrial targets of competing nations.  These days big data is also a big target, with data breaches making the headlines on a regular basis, the bad guys use that data to generate income via email scams and other types of extortion schemes as well as identity theft (creating credit card accounts using stolen info etc.).

If you want to learn more about the latest threats, how they work and why they exist you can read up on the articles in the Malwarebytes Labs Blog and you'll quickly see what I mean about it being all about money.

It used to be many years ago that viruses and other threats were primarily created by individual hackers just strutting their stuff more as a gag than anything else (even though they were often harmful), but today the goal of the vast majority of threats is all about money.  Malware is a business, and yes, anti-malware is a business as well, however if Malwarebytes were only interested in making money they wouldn't offer full threat scanning and remediation completely free without any limit on the number of times it can be used, allowing it to update and scan for as long as you keep it installed (including after the free trial for the Premium version ends).  Not many vendors provide such a powerful tool for free.

By the way, with regards to the demise of the PC, the largest botnets to ever exist weren't actually infected PCs, they were IoT (Internet of Things) devices.  These are popular targets these days because they lack many of the defenses (like firewalls and anti-malware/antivirus software) that PCs have so they make easy targets for the bad guys to infiltrate and control.  You may recall the Mirai botnet that took down major sites in 2016, including Twitter, Netflix, Reddit and several others; that botnet was composed entirely of IoT devices, not PCs, and there have been others with more to come in the future I'm sure.  Mobile malware is also becoming more popular now that nearly everyone carries smart phones; incidentally, this is also one of the reasons the bad guys have resorted to web based scams like the tech support scam you witnessed (it would display different messaging depending on the type of device connecting to it, with a version for Mac, PC and mobile devices that it determines through the web browser's user agent string), as it can be adapted to attack any type of device the user may be running, not just PCs.

Anyway, I hope that clears things up.  If there is anything else we might help with please let us know.

Thanks

Link to post
Share on other sites

  • 2 months later...

I did not time it; but estimate for me to sign up is 5 minutes.      Problem is two fold.   The password comparator algorithm does not operate in real time and when you have inadvertently typed in non-matching passwords you are forced to go through Captcha another time.  I use complex passwords and it took me 3 trips through captcha before winning.  Yes, I could have taken more time and written my new password down and typed it in with 1 finger, 1 letter at a time and not made mistakes; but old habits die hard.

Second problem is Captcha photos; some of them are such poor resolution in the distance that you cannot be sure of contents.  Also some of them like storefronts have photos that are a matter of guessing if they are store fronts because there are no store names, doors or other solid clues that the photo is actually a store front.  I think Captcha needs more quality assurance testing by 3rd party outsiders of their product.

I have used captcha before and as always (on other websites) it is a frustrating experience.

In the interest of appealing to a larger membership and not turn off prospective new members and potential paying subscribers, I suggest you try to make the sign up filter more user friendly by addressing the above difficulties.  I have seen very creative, simple effective "Captcha" substitutes on other web sites.  I am sure with a little effort your creative people could make a unique to malware; but more foolproof robot detector algorithm in lieu of using Capthca.

 

Link to post
Share on other sites

Why not just type out your password in notepad or something similar, then just copy/paste it into the password fields?  That's what I do (I also user super complex/random passwords).

Regarding the Captcha, I'm with you on that front.  I HATE them and I hope they can come up with a better solution that is still capable of beating the bots (and in reality, with the advent of AI/Machine Learning/facial recognition etc. it won't be long before bots are fully capable of defeating them more efficiently than humans ever could anyway, assuming they aren't already there and the spammers just haven't gotten hold of the tech yet).

Link to post
Share on other sites

Thanks for the suggestion, exile.   I should use your notebook suggestion.  I have been discouraged from doing that because some sites prohibit pasting into the password block.  However, some don't and I should form the habit of using the notebook idea that I have abandoned.

Link to post
Share on other sites

Yes, thankfully most sites don't prevent it these days and it's been a really long time since I've come across a site that did.  In fact, the last time I can recall anything not allowing it, it was with Skype and Outlook (both Microsoft products; obviously they're not fans of this method).  Pretty much everywhere else I've signed up at has allowed it, even banks and credit card company sites.

Anyway, I'll be sure to pass your feedback on to the team.  Hopefully they can convince IPS (the software provider that develops and maintains the software for the forums) to use an alternative implementation, but unfortunately I'm pretty sure it is up to them to decide.  I think the only option we have at this point is to enable the CAPTCHA or not, and having it and dealing with its difficulties far outweighs the negatives of constant spambot floods we used to get before enabling it, so hopefully they will be able and willing to provide an alternative, especially since both CAPTCHA and reCAPTCHA have in fact already been defeated by AI (though reCAPTCHA was patched to be more resistant; it's still only a matter of time before the current implementation is cracked, I'm sure):

https://www.abc.net.au/news/science/2017-10-27/captcha-cracking-artificial-intelligence-machine-learning/9080608
https://thenextweb.com/google/2017/10/26/google-recaptcha-ai-security-beat/

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.